Cisco Cisco Email Security Appliance C160 Mode D'Emploi

Chapter 12 IronPort Email Encryption

12-390

Cisco IronPort AsyncOS 7.1 for Email Configuration Guide

OL-22158-02

Note

You can also set up the appliance to first attempt to send a message over a TLS
connection before encrypting it. For more information, see

Using a TLS

Connection as an Alternative to Encryption, page 12-398

To configure outbound email encryption on the Email Security appliance,
complete the following steps:

Step 1

If you want to use a local key server, configure the IronPort Encryption
appliance. For instructions on configuring key servers, see the IronPort
Encryption Appliance Local Key Server User Guide.

Step 2

Configure an encryption profile. For instructions on configuring the encryption
profile, see

Configuring the Email Encryption Profile, page 12-392

Step 3

If you want to use the hosted key service, create a Cisco Registered Envelope
Service corporate account. You create the account by clicking the Provision
button after configuring an encryption profile.

Step 4

Configure an outgoing content filter. You need to configure a content filter to
tag the outbound emails that should be encrypted. For instructions on creating the
content filter, see

Configuring the Encryption Content Filter, page 12-398

The following web browsers are supported:

•

Microsoft® Internet Explorer 6 (Windows only)

•

Microsoft® Internet Explorer 7 (Windows only)

•

Firefox 2

•

Firefox 3

•

Safari 3

Encryption Workflow

When using email encryption, the IronPort Email Security appliance encrypts a
message and stores the message key on a local key server or a hosted key service.
When the recipient opens an encrypted message, the recipient is authenticated by
the key service, and the decrypted message is displayed.